FIGURE 2

DECISION TREE FOR DATAGRAM FROM INTERNET
IP Addresses

       Local Computer   Gateway Internal   Gateway External   Target
L-1    192.168.0.2      102.168.0.1        142.140.3.6        204.71.202.160     T-1
L-2    192.168.0.4      102.168.0.1        142.140.3.6        207.46.131.137     T-2
L-3    192.168.0.3      102.168.0.1        142.140.3.6        207.158.227.235    T-3



FIGURE 4 




SPI table - 8 local computers communicating with 3 hosts

TARGET                   LOCAL IP               SPI-out   SPI-in
T-1    204.71.202.160    192.168.0.2     L-1    4859      9802
                         192.168.0.5     L-x    52856     7000
                         192.168.0.10    L-x    8565      8523
T-2    207.46.131.137    192.168.0.4     L-2    1353      6234
                         192.168.0.7     L-x    2562      10125
                         192.168.0.10    L-x    25763     12106
T-3    207.158.227.235   192.168.0.3     L-3    38935     7753
                         192.168.0.8     L-x    9093      32828



FIGURE 5a 




New session - new SPI-out - SPI-in set to 0

TARGET                   LOCAL IP               SPI-Out   SPI-In
T-1    204.71.202.160    192.168.0.2     L-1    14662     0
                         192.168.0.5     L-x    52856     7000
                         192.168.0.10    L-x    8565      8523
T-2    207.46.131.137    192.168.0.4     L-2    1353      4562
                         192.168.0.7     L-x    2562      10125
                         192.168.0.10    L-x    25763     12106
T-3    207.158.227.235   192.168.0.3     L-3    8773      20889
                         192.168.0.8     L-x    9093      32828
Reply packet received - New SPI-in received

TARGET                   LOCAL IP               SPI-OUT   SPI-IN
T-1    207.200.0.2       192.168.0.2     L-1    14662     3288
                         192.168.0.5     L-x    52856     7000
                         192.168.0.10    L-x    8565      8523
T-2    206.23.5.120      192.168.0.4     L-2    1353      6234
                         192.168.0.7     L-x    43966     17937
                         192.168.0.10    L-x    25763     12106
T-3    207.198.75.3      192.168.0.3     L-3    8773      20889
                                         L-x    9093      32828
SEQUENCE OF PACKETS THROUGH GATEWAY
SINGLE LOCAL MACHINE - SINGLE TARGET

Path         Datagram   Source Address          Destination Address     SPI    Row
             Type       IP               Port   IP               Port
LAN - Gate   UDP        192.168.0.2      6404   204.71.202.160   80            1
Gate - Net   UDP        142.140.3.6      10425  204.71.202.160   80            2
Net - Gate   UDP        204.71.202.160   80     142.140.3.6      10425         3
Gate - LAN   UDP        204.71.202.160   80     192.168.0.2      6404          4
LAN - Gate   ISAKMP-1   192.168.0.2      500    204.71.202.160   500           5
Gate - Net   ISAKMP-1   142.140.3.6      500    204.71.202.160   500           6
Net - Gate   ISAKMP-2   204.71.202.160   500    142.140.3.6      500           7
Gate - LAN   ISAKMP-2   204.71.202.160   500    192.168.0.2      500           8
LAN - Gate   ISAKMP-3   192.168.0.2      500    204.71.202.160   500           9
Gate - Net   ISAKMP-3   142.140.3.6      500    204.71.202.160   500           10
Net - Gate   ISAKMP-4   204.71.202.160   500    142.140.3.6      500           11
Gate - LAN   ISAKMP-4   204.71.202.160   500    192.168.0.2      500           12
LAN - Gate   ISAKMP-5   192.168.0.2      500    204.71.202.160   500           13
Gate - Net   ISAKMP-5   142.140.3.6      500    204.71.202.160   500           14
Net - Gate   ISAKMP-6   204.71.202.160   500    142.140.3.6      500           15
Gate - LAN   ISAKMP-6   204.71.202.160   500    192.168.0.2      500           16
LAN - Gate   ESP (50)   192.168.0.2             204.71.202.160          4859   17
Gate - Net   ESP (50)   142.140.3.6             204.71.202.160          4859   18
Net - Gate   ESP (50)   204.71.202.160          142.140.3.6             9802   19
Gate - LAN   ESP (50)   204.71.202.160          192.168.0.2             9802   20
LAN - Gate   ESP (50)   192.168.0.2             204.71.202.160          4859   21
Gate - Net   ESP (50)   142.140.3.6             204.71.202.160          4859   22
Net - Gate   ESP (50)   204.71.202.160          142.140.3.6             9802   23
Gate - LAN   ESP (50)   204.71.202.160          192.168.0.2             9802   24
- Gate       ESP (50)   192.168.0.2             204.71.202.160
Gate - Net   ESP (50)                           204.71.202.160
             ESP (50)   204.71.202.160

FIGURE 6



SEQUENCE OF PACKETS THROUGH GATEWAY
MULTIPLE LOCAL MACHINES -- MULTIPLE TARGETS

Path         Packet     Source Address             Destination Address        SPI    Active Process                             Row
             Type       IP                Service  IP                Service
LAN - Gate   UDP                          6404     204.71.202.160    80              L-1 Out                                    1
Gate - Net   UDP                          10425    204.71.202.160    80              T-1 In                                     2
LAN - Gate   UDP        192.168.0.4       4562     207.46.131.137    1353            L-2 Out                                    3
Gate - Net   UDP        142.140.3.6       37525    207.46.131.137    1353            T-2 In                                     4
Net - Gate   UDP        204.71.202.160    80       142.140.3.6       10425           T-1 Out                                    5
Gate - LAN   UDP        204.71.202.160    80       192.168.0.2       6404            L-1 In                                     6
Net - Gate   UDP        207.46.131.137    1353     142.140.3.6       37525           T-2 Out                                    7
Gate - LAN   UDP        207.46.131.137    1353     192.168.0.4       4562            L-2 In                                     8
LAN - Gate   ISAKMP-1   192.168.0.2       500      204.71.202.160    500             L-1 Out - Port 500 bound to 192.168.0.     9
Gate - Net   ISAKMP-1   142.140.3.6       500      204.71.202.160    500             T-1 In - Associated with 204.71.202.160    10
Net - Gate   ISAKMP-2   204.71.202.160    500      142.140.3.6       500             T-1 Out                                    11
Gate - LAN   ISAKMP-2   204.71.202.160             192.168.0.2       500             L-1 In - Port 500 released                 12
LAN - Gate   ISAKMP-3   192.168.0.2       500      204.71.202.160    500             L-1 Out - Port 500 bound to 192.168.0.     13
Gate - Net   ISAKMP-3   142.140.3.6       500      204.71.202.160    500             T-1 In - Associated with 204.71.202.160    14
LAN - Gate   ISAKMP-1   192.168.0.3       500      207.158.227.235   500             L-3 Out                                    15
Gate - Net   ISAKMP-1                              207.158.227.235   [?]             T-3 In - Port 500 not available            16
Net - Gate   ISAKMP-4   204.71.202.160    500      142.140.3.6       500             T-1 Out                                    17
Gate - LAN   ISAKMP-4   204.71.202.160    500      192.168.0.2       500             L-1 In - Port 500 released                 18
LAN - Gate   ISAKMP-1   192.168.0.3       500      207.158.227.235   500             L-3 Out                                    19
Gate - Net   ISAKMP-1   142.140.3.6       500      207.158.227.235   500             T-3 In - Port 500 bound to 192.168.0.3     20
LAN - Gate   ISAKMP-5   192.168.0.2       500      204.71.202.160    500             L-1 Out - Port 500 not available           21
Gate - Net   ISAKMP-5   142.140.3.6       500      204.71.202.160                    T-1 In - Source port address translated    22
Net - Gate   ISAKMP-2   207.158.227.235   500      142.140.3.6       500             T-3 Out                                    23
Gate - LAN   ISAKMP-2   207.158.227.235   500      192.168.0.3       500             L-3 In - Port 500 released                 24
LAN - Gate   ISAKMP-5   192.168.0.2       500      204.71.202.160    500             L-1 Out - Port 500 bound to 192.168.0.     25
Gate - Net   ISAKMP-5   142.140.3.6       500      204.71.202.160    500             T-1 In - Associated with 204.71.202.160    26
                                                                                     Time-out for T-1 Out - Port 500 released   27
LAN - Gate   ISAKMP-3   192.168.0.3       500      207.158.227.235   500             L-3 Out                                    28
Gate - Net   ISAKMP-3   142.140.6.3       500      207.158.227.235   500             T-3 In - Port 500 bound to 192.168.0.3     29
Net - Gate   ISAKMP-6   204.71.202.160    500      142.140.3.6       500             T-1 Out - Port 500 blocked                 30
                                                                                     T-1 Out - packet ignored                   31
Net - Gate   ISAKMP-4   207.158.227.235   500      142.140.3.6       500             T-3 Out                                    32
Gate - LAN   ISAKMP-4   207.158.227.235   500      192.168.0.3       500             L-3 In - Port 500 released                 33
LAN - Gate   ISAKMP-5   192.168.0.2       500      204.71.202.160    500             L-1 Out - Port 500 bound to 192.168.0.     34
Gate - Net   ISAKMP-5   142.140.3.6       500      204.71.202.160    500             T-1 In - Associated with 204.71.202.160    35
Net - Gate   ISAKMP-6   204.71.202.160    500      142.140.3.6       500             T-1 Out                                    36
Gate - LAN   ISAKMP-6   204.71.202.160    500      192.168.0.2       500             L-1 In - Port 500 released                 37
LAN - Gate   ESP (50)   192.168.0.2                204.71.202.160             4859   L-1 Out                                    38
Gate - Net   ESP (50)   142.140.3.6                204.71.202.160             4859                                              39
LAN - Gate   UDP        192.168.0.4       4562     207.46.131.137    1353            L-2 Out                                    40
Gate - Net   UDP        142.140.3.6       37525    207.46.131.137    1353            T-2 In                                     41
Net - Gate   ESP (50)   204.71.202.160             142.140.3.6                9802   T-1 Out                                    42
Gate - LAN   ESP (50)   204.71.202.160             192.168.0.2                9802   L-1 In                                     43
LAN - Gate   ISAKMP-5   192.168.0.3       500      207.158.227.235   500             L-3 Out - Port 500 bound to 192.168.0.3    44
Gate - Net   ISAKMP-5   142.140.6.3       500      207.158.227.235   500             T-3 In - Associated with 207.158.227.23    45
LAN - Gate   ESP (50)   192.168.0.2                204.71.202.160             4859   L-1 Out                                    46
Gate - Net   ESP (50)   142.140.3.6                204.71.202.160             4859   T-1 In                                     47
Net - Gate   ISAKMP-6   207.158.227.235   500      142.140.3.6       500             T-3 Out                                    48
Gate - LAN   ISAKMP-6   207.158.227.235   500      192.168.0.3       500             L-3 In - Port 500 released                 49
Net - Gate   UDP        207.46.131.137    1353     142.140.3.6       37525           T-2 Out                                    50
Gate - LAN   UDP        207.46.131.137    1353     192.168.0.4       4562            L-2 In                                     51
LAN - Gate   ESP (50)   192.168.0.3                207.158.227.235            38935  L-3 Out                                    52
Gate - Net   ESP (50)   142.140.6.3                207.158.227.235            38935  T-3 In                                     53
Net - Gate   ESP (50)   204.71.202.160             142.140.3.6                9802   T-1 Out                                    54
Gate - LAN   ESP (50)   204.71.202.160             192.168.0.2                9802   L-1 In                                     55
Net - Gate   ESP (50)   207.158.227.235            142.140.3.6                7753   T-3 Out                                    56
Gate - LAN   ESP (50)   207.158.227.235            192.168.0.3                7753   L-3 In                                     57


Datagram processing algorithm

Start timer when port is bound
Disable timer when port is released
Release port when time expires

Figure 8




